Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday February 07 2018, @11:05PM   Printer-friendly
from the colour-me-surprised-again dept.

Every few years, bugs known to affect all known version of Microsoft Windows turn up calling into question many claims from the lobbying giant regarding their software branch. The Inquirer is one of many sites reporting on recently leaked NSA tools which can target all versions of Windows from the past two decades. Althougth the emphasis in the article titles is on NSA, the exploits only make use of widely known holes in Microsoft systems which Microsoft often tells NSA about long before issuing an attempt at a patch. Their collaboration goes back for years, and even long before it was the first to join the NSA in kicking off the Prism program.

Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.

Windows machines taken over through these exploits are part of a large black market industry where compromised machines are bought, sold, traded, and fought over for the purposes of producing spam, launching distributed denial of service attacks, spreading further malware, ad click spoofing, manipulating polls and games, and many more illegal activities.

Source : https://www.theinquirer.net/inquirer/news/3026129/leaked-nsa-hacking-tools-can-target-all-windows-versions-from-the-past-two-decades


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 2) by Runaway1956 on Thursday February 08 2018, @12:52AM (7 children)

    by Runaway1956 (2926) Subscriber Badge on Thursday February 08 2018, @12:52AM (#634577) Journal

    Leaked NSA tools can get into every Windows OS ever!

    • (Score: 2) by maxwell demon on Thursday February 08 2018, @12:58AM (6 children)

      by maxwell demon (1608) on Thursday February 08 2018, @12:58AM (#634581) Journal

      I doubt they can get into Windows 2.0 — for the simple fact that it didn't support networking.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 3, Informative) by requerdanos on Thursday February 08 2018, @01:06AM

        by requerdanos (5997) Subscriber Badge on Thursday February 08 2018, @01:06AM (#634584) Journal

        Windows 2.0... didn't support networking

        Not as a Windows component, no, but it ran on top of DOS, which did have something called "Microsoft LAN Manager" which you could run to provide networking support. The familiar "NET [USE, etc.]" commands are a remnant of LAN Manager.

      • (Score: 2) by Runaway1956 on Thursday February 08 2018, @02:33AM (4 children)

        by Runaway1956 (2926) Subscriber Badge on Thursday February 08 2018, @02:33AM (#634639) Journal

        WinNT 3.1 was apparently the first Win OS that wasn't built on top of DOS. https://en.wikipedia.org/wiki/Windows_NT_3.1 [wikipedia.org] However, all consumer versions of Windows prior to Win95 were just overlays on top of DOS. If Windows was installed on a DOS which had networking, then Windows was able to connect to networks.

        That Wiki page helps to clarify the history of OS/2 and NT, if anyone has questions on that subject. Basically, Windows3 was a continuation of OS/2, whereas, NT3 incorporated things like 32 bit disk access. In 1993, NT3 had Lan Manager built in.

        • (Score: 4, Informative) by requerdanos on Thursday February 08 2018, @02:53AM (3 children)

          by requerdanos (5997) Subscriber Badge on Thursday February 08 2018, @02:53AM (#634648) Journal

          all consumer versions of Windows prior to Win95 were just overlays on top of DOS.

          all consumer versions of Windows prior to Win95 including 95, 98, and ME were just overlays on top of DOS.

          Windows 95 was built on top of DOS and had a "boot to plain DOS" feature.

          Windows 98 was built on top of DOS and had a "boot to plain DOS" feature.

          Windows ME was built on top of DOS and had a "boot to plain DOS" feature that was hidden by default.

          hth.

          • (Score: 2) by Runaway1956 on Thursday February 08 2018, @10:29AM (2 children)

            by Runaway1956 (2926) Subscriber Badge on Thursday February 08 2018, @10:29AM (#634808) Journal

            My bad - I should have specified that DOS remained integral to the later Win9x OS's. The difference was, until Win95, you installed a DOS - basically any version of MSDOS - first, then installed Windows over top of that version of DOS. Memory grows a little fuzzy, but I think it was DOS 6.22 at the end, with DBLSPACE, and Win3.11 for me. But, all of the Win versions were equally happy sitting on DOS5, or DOS3.1.

            There were forum discussions at the time of Win95, 98, and 98SE about DOS7, but I'm not aware of anyone who ever got a DOS7 system working, separately from a Windows installation.

            • (Score: 2) by kazzie on Thursday February 08 2018, @03:07PM (1 child)

              by kazzie (5309) Subscriber Badge on Thursday February 08 2018, @03:07PM (#634943)

              I suppose it depends on what you mean by 'separately'. You could rig a Win9x installation to always boot in MS-DOS mode quite easily. Win9x also allowed you to create a bootable floppy which would boot plain vanilla DOS (7). Then just add your DOS-mode device drivers, etc...

              • (Score: 2) by Freeman on Friday February 09 2018, @05:17PM

                by Freeman (732) on Friday February 09 2018, @05:17PM (#635577) Journal

                This is what I did to get Ultima VII to run nicely on Win9X Machines. Then I found Exult, which by and large fixed the issue of being able to play Ultima VII on modern machines. Of course there's also DOSBox and FreeDOS now.

                --
                Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 5, Insightful) by requerdanos on Thursday February 08 2018, @01:04AM (11 children)

    by requerdanos (5997) Subscriber Badge on Thursday February 08 2018, @01:04AM (#634583) Journal

    holes in Microsoft systems which Microsoft often tells NSA about long before issuing an attempt at a patch. Their collaboration goes back for years

    Is it really just me who hears alarm bells accompanying any such statement? Why does Windows still even exist as a going concern, given the above? This is a significant part of why I don't run Windows anymore and I encourage World+Dog to join me in this.

    If I was really anti-NSA to the core (and I am pretty anti-NSA, go away NSA, I am a US-ian, leave me alone), I would not use Internet [theguardian.com] either. But I guess you have to pick your battles.

    "Don't use Windows," for me, in my situation, is pretty easy, while "Don't use Internet" would be a lot harder.

    If you are required to use Windows by your employer, this is a shame. But if required to use it by your school, that's a frightening injustice [gnu.org] that furthers the cycle of dependence on an undesirable ecosystem.

    • (Score: 3, Insightful) by Azuma Hazuki on Thursday February 08 2018, @03:11AM (10 children)

      by Azuma Hazuki (5086) on Thursday February 08 2018, @03:11AM (#634655) Journal

      The older I get the more I realize the world follows the golden rule: he who has the gold makes the rules. Most of our fellow human beings, it appears, are utter moral nullities. And there's nothing we can do about it; when the worst of them get power, we can't even realistically defend ourselves.

      --
      I am "that girl" your mother warned you about...
      • (Score: 2) by crafoo on Thursday February 08 2018, @04:10AM (6 children)

        by crafoo (6639) on Thursday February 08 2018, @04:10AM (#634665)

        Money, "gold", is a proxy for power. Power means you can make people do things they would otherwise prefer not to. So yeah, people with the power make the rules and then enforce them with violence as necessary. It has interesting implications once you take it to heart, in a Realpolitik sense. Who actually rules our country? How do we interact with the rest of the world and in what manner do we make agreements?

        One of the most fascinating aspects of the latest PC and SJW trend is their ability to amass some amount of power over their fellow citizens through what appears to be simply controlling speech, language, and communication. I don't think it will survive when those with real power decide it no longer serves them.

        • (Score: 5, Informative) by Azuma Hazuki on Thursday February 08 2018, @05:13AM (2 children)

          by Azuma Hazuki (5086) on Thursday February 08 2018, @05:13AM (#634686) Journal

          You don't think the ones with "real power" are on your side, do you? Please don't delude yourself into thinking they'll let you be part of the club if you kiss up to them enough...

          --
          I am "that girl" your mother warned you about...
          • (Score: 4, Informative) by canopic jug on Thursday February 08 2018, @05:57AM (1 child)

            by canopic jug (3949) Subscriber Badge on Thursday February 08 2018, @05:57AM (#634711) Journal

            You don't think the ones with "real power" are on your side, do you? Please don't delude yourself into thinking they'll let you be part of the club if you kiss up to them enough...

            The late George Carlin said it rather clearly for those obtuse enough not to see it for themselves or in too much denial to admit what they see: "It's a big club and you ain't in it [youtube.com]"

            Likewise, sucking up to Bill and his empire won't somehow, magically make anyone wealthy or powerful. He got his money from his parents and the DOS monopoly granted by his mom's connections inside IBM. From there it was just to continue his sole college activity of playing poker (bluff and bullshit) and Risk (leverage and extend an existing monopoly) using those two presents.

            About the known lack of security in any Windows system, that ignored by people hoping find a path to riches and wealth by sucking up to Bill. However, on a national level, I'm starting to wonder how indpendent some countries really are and how much their own politicians are really allowed to make their own decisions. It's in no country's own interest to run or use M$ products at all. Yet they all do, almost exclusively. However, it is a great advantage to have their opponents using M$ products, in both government and business. That guarantees no surprises and that intel teams can check up on activities as needed without any inconvenience.

            --
            Money is not free speech. Elections should not be auctions.
            • (Score: 2) by t-3 on Thursday February 08 2018, @05:28PM

              by t-3 (4907) on Thursday February 08 2018, @05:28PM (#635049)

              Countries using Windows isn't surprising. Corruption and bureaucracy go hand in hand. I can't think of any countries with a functioning government that don't also have massive bureaucracies, so the bribes to buy MS (and push it to the population, in schools, services, etc) are almost 100% guaranteed to be effective.

        • (Score: 2) by captain normal on Thursday February 08 2018, @05:18AM (1 child)

          by captain normal (2205) on Thursday February 08 2018, @05:18AM (#634689)

          Ahh...the "Golden Rule".Then there is another rule: "Grab the one who has the gold by the balls, and they are sure to follow".

          --
          When life isn't going right, go left.
          • (Score: 2) by kazzie on Thursday February 08 2018, @03:08PM

            by kazzie (5309) Subscriber Badge on Thursday February 08 2018, @03:08PM (#634944)

            Is that what they do on Golden balls [wikipedia.org]?

        • (Score: 2) by DannyB on Thursday February 08 2018, @03:36PM

          by DannyB (5839) Subscriber Badge on Thursday February 08 2018, @03:36PM (#634959) Journal

          One of two things needs to happen:

          1. There needs to be less corruption.
          -OR-
          2. There needs to be more opportunity to participate in it.

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by realDonaldTrump on Thursday February 08 2018, @05:32PM (2 children)

        by realDonaldTrump (6614) on Thursday February 08 2018, @05:32PM (#635052) Homepage Journal

        Our nation’s capital, Washington, is a swamp. It's a swamp built on a swamp. I call it the swamp. You have tremendous waste, fraud, and abuse. I'm going to DRAIN THE SWAMP. It’s going to be America First. One team, one people, one American family.

  • (Score: 2) by stormwyrm on Thursday February 08 2018, @08:50AM

    by stormwyrm (717) on Thursday February 08 2018, @08:50AM (#634785) Journal

    These same clowns also want to be entrusted with the master keys for backdoored encryption technology? The fact that they are stockpiling these exploits instead of reporting them to Microsoft to have them fixed causes enough damage as it is. If they get their way with encryption backdoors, which amounts to incorporating a deliberate vulnerability worse than any of those in encryption systems, within two weeks the FSB, the Mossad, and the Chinese Ministry of State Security will have these backdoor master keys too, with the other intelligence agencies of the world getting them as well soon after. Within a few months likely those keys would also leak to the black hat underground, and then there will be a wave of cybercrime that would dwarf any crimes that might have been prevented through the use of backdoored encryption.

    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 3, Funny) by DannyB on Thursday February 08 2018, @03:33PM

    by DannyB (5839) Subscriber Badge on Thursday February 08 2018, @03:33PM (#634956) Journal

    So these NSA tools are now cross platform?

    Using Microsoft's daffynition of cross platform:

    Cross Platform (adjective) [Computing]
    1. The ability to run on Windows 95, Windows 98, Windows XP, Windows NT, Windows ME, Windows 2000, Windows XP . . . etc ad nauseum
    2. A platform for a cross.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
(1)